UnSecurity 1: Spoofing and sysctl
Posted: Sun Aug 19, 2001 1:40 pmSup kids? So you just started running this great script for peeping passwords from people. Hey, you even tested it on yourself and found those lost passwords to your mail/aim/napster/etc. But, for some reason when you turn it on and try it with other people it just doesn't work....
OOOOOPS man sysctl
You're not getting mommy, daddy, and that evil sister-in laws passwords because you forgot to turn on ipforwarding *note: some apps like fragrouter allegedly do this for you*
Worse still! Nobody can access the net...except maybe you depending on what you're using. You're not seeing passwords because nothing past your machine is seeing requests.
Spoofing, unlike merely sniffing, actively utilizes your machine to forward information to each machine. So...before you get all happy on your bosses mastercard account number you need to do this
sysctl -w net.inet.ip.forwarding=1
(1 is on)
but...read the manual
when you're done being promiscuous
sysctl -w net.inet.ip.forwarding=0
(0 is off)
-j
OOOOOPS man sysctl
You're not getting mommy, daddy, and that evil sister-in laws passwords because you forgot to turn on ipforwarding *note: some apps like fragrouter allegedly do this for you*
Worse still! Nobody can access the net...except maybe you depending on what you're using. You're not seeing passwords because nothing past your machine is seeing requests.
Spoofing, unlike merely sniffing, actively utilizes your machine to forward information to each machine. So...before you get all happy on your bosses mastercard account number you need to do this
sysctl -w net.inet.ip.forwarding=1
(1 is on)
but...read the manual
when you're done being promiscuous
sysctl -w net.inet.ip.forwarding=0
(0 is off)
-j